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REMARKS 

Claims 1-14 and 16-17 are pending in the Application and are now presented for 
examination. Claims 1, 3-11, 13-14 and 16-17 have been amended. No new matter has been 
added. 

Claim 15 has been cancelled without prejudice and without disclaimer of subject matter. 

Claims 1,6, 11, 16 and 17 are independent. 

OBJECTIONS 

On page 2 of the Office Action, the specification is objected to because of informalities. 
Specifically, page 9, lines 3-4 discloses, "in the illustrated embodiment, a person with 
application-level or system-level super user privilege maintains list 54"; and lines 9-10 discloses, 
"in the illustrated embodiment, a person with application-level or system-level super user 
privilege maintains list 58." The Office Action requests clarification on how 54 and 58 could 
maintain identical lists. Applicant contends that lists 54 and 58 are not identical. List 54 
contains names of tmsted individuals, while list 58 contains "group names presumed to be user 
groups and untrusted, based on the name itself," as clearly shown at least in FIG. 1 and page 8, 
line 20; page 9, lines 3-4. 

Additionally, the Office Action further objects to page 10, lines 12-14, which discloses, 
"After steps 110 and 112, the privilege checking program 50 loops back to repeat the foregoing 
analysis and report for the next group." The loop was not shown in FIG. 2A. Applicant has 
amended FIG. 2A and the last paragraph on page 9 to include the loop. 

The Office Action further objects to page 11, line 8, which discloses, "The operating 
system obtains these names from the master configuration file 50." However, FIG. 1 indicates 
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that the master configuration file is 22. Applicant has amended the last paragraph of page 1 1 to 
correct this typographical error. 

The Office Action further objects to "program" 60 of FIG. 1, which is disclosed on pages 
11-12 as "application authority manager program." Applicant has amended FIG. 1 to change the 
name of "program" 60 to "application authority manager program" 60. 

Applicant respectfully asserts that all objections have been addressed and resolved. 

CLAIM REJECTIONS UNDER 35 U.S.C. § 112 

On page 3 of the Office Action, Claims 1, 3, 5, 11 and 14 are rejected under 35 U.S.C. § 
112, second paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter which applicant regards as the invention. Claims 1,3,5,11 and 14 are 
rejected under 35 U.S.C. 112, 2nd paragraph as being unclear. Specifically, the Office Action 
states that the Examiner could not understand exactly what functions the third program 
instructions of Claims 1 and 11, and the fourth program instructions of Claims 3, 5 and 14 
perform. 

Applicant has amended Claims 1, 3, 5, 11 and 14 to more clearly and distinctly recite the 
claimed features. Specifically, the preamble of independent Claim 1 has been amended to clarify 
that the function of the computer program product is to determine "that a group has been 
improperly assigned a privilege level higher than user level privilege." Additionally, Claim 1 
has been amended to clarify that the third program instructions "determine whether the group has 
a group name on a second list, the second list including group names generally used for a group 
having user level privileee , and if so, generate a report indicating that the group has a group 
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name generally used for a group with user level privilege, such that members of the group are 
revealed as potentially not trusted," (emphasis added). Applicant believes that Claim 1, as 
amended, clearly expresses the function of the third program instructions and highlights the 
differences between the first list, which contains names of trusted individuals, and the second 
list, which contains group names that are generally used for groups having user level privileges 
(e.g.., "staff," "users," and "nobody"). See page 9, line 4. Applicant believes that the rejection 
under 35 U.S.C. § 1 12 for Claim 1 has been overcome and kindly requests that the rejection be 
withdrawn. 

Dependent Claim 3, which depends from Claim 1, has been amended to clarify that the 
fourth program instructions determine "whether the group has a group name not included on a 
third list, the third list including group names generally used for a group having a privilege level 
higher than user level privilege, and if so, generate a report indicating that the group has a group 
name not on the third list, such that members of the group are revealed as potentially not 
trusted," (emphasis added). Applicant believes that Claim 3, as amended, clearly expresses the 
function of the fourth program instructions and highlights the differences between the second 
list, which contains group names that are generally used for groups having user level privileges, 
and the third list, which contains group names that are generally used for groups having a 
privilege level higher than user level privilege (e.g., "root," "system," and "admin"). See page 
8, lines 25-27. Applicant believes that the rejection under 35 U.S.C. § 112 for Claim 3 has also 
been overcome and kindly requests that the rejection be withdrawn. 

Dependent Claim 5, which also depends from Claim 1, has been amended to clarify that 
"responsive to determining that the group has a group name on the second list," the fourth 
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program instructions, "determine whether each member of the group is on the first list." 
Applicant believes that Claim 5, as amended, clearly expresses the function of the fourth 
program instructions and overcomes the rejection under 35 U.S.C. § 112. Therefore, Applicant 
kindly requests this rejection be withdrawn. 

Independent Claim 11 has also been amended to recite an alternate computer program 
product for deteimining "that a group has been improperly assigned a privilege level higher than 
user level privilege." The language expressing the function of the third program instructions of 
Claim 1 1 has been amended to clearly recite that the third program instructions "determine 
whether the group has a group name not on a second Ust, the second list including group names 
generally used for a group having a privilege level higher than user level privilege, and if so, 
generate a report indicating that the group has a group name not generally used for a group 
having a privilege level higher than user level privilege, such that the members of the group are 
revealed as potentially not trusted," (emphasis added). Applicant believes that Claim 11, as 
amended, clearly expresses the function of the third program instructions and highlights the 
differences between the first list, which contains names of trusted individuals, and the second 
list, which contains group names that are generally used for groups having a privilege level 
higher than user level privilege. Applicant wishes to point out that the second list in Claim 1 1 is 
not the same as the second list in Claim 1. Applicant believes that the rejection under 35 U.S.C. 
§ 112 for Claim 11 has been overcome and kindly requests that the rejection be withdrawn. 

Dependent Claim 14, which depends from Claim 11, has been amended to clarify that 
"responsive to determining that the group has a group name on the second list," the fourth 
program instructions "determine whether each member of the group is on the first list." 



17 



Application No. 10/791,321 
Filed: March 2, 2004 
Attorney Docket No.: END920030127US1 (1397-12U) 

Applicant believes that Claim 14, as amended, clearly expresses the function of the fourth 
program instructions and overcomes the rejection under 35 U.S.C. § 112. Therefore, Applicant 
kindly requests this rejection also be withdrawn. 

CLAIM REJECTIONS UNDER 35 U.S.C. § 103 

1. AAPA in view of Ashland 

On page 4 of the Office Action, Claims 1-17 are rejected under 35 U.S.C. § 103(a) as 
being unpatentable over Applicant Admitted Prior Art (hereinafter "AAPA") in view of United 
States Patent No. 7,219,234 Bl, issued to Ashland, et al. (hereinafter "Ashland"). As an initial 
matter. Claim 15 has been cancelled, thereby rendering the rejection of this claim moot. 

Independent Claim 1 

Applicant asserts that neither the AAPA nor Ashland, whether considered separately or in 
combination, teach or suggest the features of amended independent Claim 1. A feature of 
amended independent Claim 1 is that the computer program product includes first program 
instructions that "compare each member within the group to a first list, the first list including 
names of trusted individuals" and third program instiuctions that "determine whether the group 
has a group name on a second list, the second list including group names generally used for a 
group with user level privilege." These features are not taught disclosed or anticipated by the 
AAPA or Ashland, either standing alone or in combination. 

The Office Action characterizes the AAPA as teaching essentially all the elements of 
Claim 1, except for explicitly disclosing a "computer program product for determining if any of a 
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plurality of groups may have an improper actual level of privilege, said computer program 
product comprising: a computer readable medium, and wherein said first, second and third 
program instructions are recorded on said medium." The Office Action relies upon Ashland to 
teach this feature. Applicant respectfully disagrees with this characterization. 

As the Examiner had expressed confusion over the language of Claim 1 in both an 
interview conducted on 1/30/2008, as well as in the Office Action {see page 4), the Applicant has 
amended Claim 1 solely for the purpose of more clearly and distinctly reciting the claimed 
invention. No additional limitations have been added. Specifically, amended Claim 1 is directed 
to a computer program product for determining that a group has been improperly assigned a 
privilege level higher than user level privilege. The computer program product comprises three 
sets of program instructions. The first program instructions compare each member within the 
group to a first list which includes names of trusted individuals. The second program 
instructions determine whether the group includes at least one member not on the first list, and if 
so, generate a report identifying said at least one member not on the first list and the group in 
which said at least one member is a member. The third program instmctions detemriine whether 
the group has a group name on a second list which includes group names generally used for a 
group with user level privilege, and if so, generate a report indicating that the group has a group 
name generally used for a group having user level privilege, such that members of the group are 
revealed as potentially not trusted. 

The Office Action characterizes the AAPA as teaching the features of "first program 
instructions to compare members within each of said groups to a list of trusted individuals" and 
"third program instructions to determine if any group with an actual privilege level higher than 
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user level privilege has a group name on a list of group names generally used for a group with 
user level privilege" (emphasis added). In support of this position, the Office Action cites to 
page 2, lines 26-28, which states, "An administrator occasionally reviewed the members of 
privileged groups to determine if the administrator knew, through personal knowledge, that the 
members were all trusted individuals," (emphasis added). Additionally, the Office Action cites 
page 2, lines 19-20, which states, "The system administrator would review the privilege level for 
each group to determine if the group names typically used for user groups (as known by the 
system administrator) have higher than "user level privilege," (emphasis added). 

The procedures referenced in the AAPA do not involve comparing members to a list of 
trusted individuals, nor do they involve determining if a group with a privilege level higher than 
user level is on a list of group names generally used for a group with user level privilege. The 
procedures in the AAPA rely exclusively on the general knowledge of the system administrator. 
There is no mention of any type of list being referenced at all. In fact, this lack of standards is 
one of the problems that the AAPA specifically references as needing to be solved, as indicated 
by the statement, "Also, some system administrators did not know which group names were 
typically used for unprivileged users." (page 2, lines 30-31). The methods discussed in the 
AAPA, not only fail to reveal each and every element of claim 1 as asserted in the Office Action, 
they are also insufficient and inferior to those claimed in the present invention as the AAPA 
methods yielded inconsistent and often inaccurate results. 

Additionally, the Office Action contends that Ashland discloses "a computer program 
product for determining if any of a plurality of groups may have an improper actual level of 
privilege." Applicant respectfully disagrees with this assessment. Ashland teaches a method and 
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system for controlling access to system resources by assigning privilege levels to different 
groups or users, but it does not teach a method for determining that previously assigned privilege 
levels are improper. (See Ashland, col. 2, line 26 - col. 3, line 48). Therefore, as neither the 
AAPA nor Ashland, standing alone or in combination, teach, disclose or suggest each and every 
element of Claim 1, Applicant respectfully requests this rejection be withdrawn. 

Independent Claims 6, 11, 16 and 17 

Independent Claims 6, 11, 16 and 17 also recite features similar to those discussed above 
in relation to Claiml. Specifically, each of independent Claims 6, 11, 16 and 17 include 
comparing members of a group or group names to one or more predetermined lists, thereby 
eliminating the need to rely upon personal knowledge. Thus, the arguments presented above in 
relation to Claim 1, apply equally to Independent Claims 6, 11, 16 and 17. Applicant eamestly 
solicits withdrawal of the rejection under § 103(a) and reconsideration of these claims. 

Dependent Claims 2-5. 7-10 and 12-14 

Claims 2-5,7-10 and 12-14 are each dependent either directly or indirectly from one or 
another of independent Claims 1, 6 and 1 1 discussed above. These claims recite additional 
limitations which, in conformity with the features of their corresponding independent claim, are 
not disclosed or suggested by the art of record. The dependent claims are therefore believed 
patentable. However, the individual reconsideration of the patentability of each claim on it own 
merits is respectfully requested. 
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2. Kuhn in view o f Clark 

On page 13 of the Office Action, Claims 1-16 are rejected under 35 U.S.C. § 103(a) as 
being unpatentable over "Kuhn" (U.S. 6,023,765) in view of Clark etal. (U.S. 1, Til, 119 B2, 
referred as "Clark" hereinafter). 

Independent Claim 1 

Applicant asserts that neither the Kuhn nor Clark, whether considered separately or in 
combination, teach or suggest the features of amended independent Claim 1 . Independent Claim 
1 recites a "computer program product for determining that a group has been improperly 
assigned a privilege level higher than user level privilege," and third program instructions that 
"determine whether the group has a group name on a second list, the second list including group 
names generally used for a group with user level privilege," (emphasis added). These features 
are not taught disclosed or anticipated by Kuhn or Clark, either standing alone or in combination. 

The Office Action characterizes Kuhn as disclosing a "computer program product for 
determining if any of a plurality of groups may have an improper actual level of privilege." 
Applicant respectfully disagrees with this assessment. In support of this position, the Office 
Action cites to col. 1, lines 23-29, which states, "assuming individual persons are first identified 
to the system in a satisfactory manner, their access to documents, programs, facilities, and other 
"objects" within the protected computer system is then controlled by a security system simply by 
comparing the user's name against a list of names of persons entitled to access the given object." 
Kuhn discloses a method for determining whether an individual is allowed access to a given 
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object before permitting the individual to access the object. Kuhn does not disclose a method for 
determining whether a group has been improperly assigned a privilege level higher than user 
level privilege. Neither Kuhn nor Clark, standing alone or in combination, teach, disclose or 
suggest this feature. 

Additionally, the Office Action asserts that Kuhn discloses program instructions to 
"determine if any group with an actual privilege level higher than user level privilege has a group 
name on a list of group names generally used for a group with user level privilege." Applicant 
respectfully disagrees. According to Kuhn, a subject can only execute a privilege if the subject 
has been selected or assigned and active role. In other words, Kuhn discloses verifying that a 
subject has a privilege level that authorizes access. In contrast, the claimed feature recites 
determining whether a group that has a privilege level higher than user level privilege actually 
has a group name on a list of group names generally used for a group with user level privilege. 
Kuhn does not disclose anything at all about determining that a group with a higher privilege 
level than user level has a name generally used for a group with user level privilege. 

Neither Kuhn nor Clark, standing alone or in combination, teach, disclose or suggest each 
and every feature of Claim 1. Thus, applicant respectfully requests this rejection be withdrawn. 

Independent Claims 6, 11 and 16 

Independent Claims 6, 1 1 and 16 also recite features similar to those discussed above in 
relation to Claim 1. Specifically, each of independent Claims 6, 11 and 16 include comparing 
members of a group or group names to one or more predetermined lists, thereby eliminating the 
need to rely upon personal knowledge. Additionally each claim recites determining whether a 
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group that has a privilege level higher than user level privilege actually has a group name on a 
list of group names generally used for a group with user level privilege. Thus, the arguments 
presented above in relation to Claim 1, apply equally to Independent Claims 6, 1 1 and 16. 
Applicant earnestly solicits withdrawal of the rejection under § 103(a) and reconsideration of 
these claims. 

Dependent Claims 2-5. 7-10 and 12-14 

Claims 2-5, 7-10 and 12-14 are each dependent either directly or indirectly from one or 
another of independent Claims 1, 6 and 11 discussed above. These claims recite additional 
limitations which, in conformity with the features of their corresponding independent claim, are 
not disclosed or suggested by the art of record. The dependent claims are therefore believed 
patentable. However, the individual reconsideration of the patentability of each claim on it own 
merits is respectfully requested. 

3. Kuhn in view of Morris 

On page 22 of the Office Action, Claim 17 is rejected under 35 U.S.C. §103(a) as being 
unpatentable over "Kuhn" (U.S. 6,023,765) in view of Morris etal. (EP 1 124 184 A2, referred 
as "Morris" hereinafter). 

Independent 17 also recites features similar to those discussed above in relation to Claim 
1. Specifically, Claim 17 recites determining whether a group that has a privilege level higher 
than user level privilege actually has a group name on a list of group names generally used for a 
group with user level privilege. Thus, the arguments presented above in relation to Claim 1, 
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apply equally to Independent Claims 6, 11 and 16. Applicant earnestly solicits withdrawal of the 
rejection under § 103(a) and reconsideration of these claims. 

For all of the above reasons, the claim objections are believed to have been overcome 
placing Claims 1-14 and 16-17 in condition for allowance, and reconsideration and allowance 
thereof is respectfully requested. 

The Examiner is encouraged to telephone the undersigned to discuss any matter that 
would expedite allowance of the present application. 

The Commissioner is hereby authorized to credit overpayments or charge payment of any 
additional fees associated with this communication to Deposit Account No. 090457. 



Respectfully submitted, 



Date: May 9, 2008 By: /Alan M. Weisberg/ 



Alan M. Weisberg 
Reg. No.: 43,982 
Attorney for Applicant 
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Fort Lauderdale, Florida 33301 
Customer No. 68786 
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